MindAPI makes API security research and testing easier
Security researcher David Sopas has published a new open-source project: MindAPI, a mind map with resources for making API security research easier. “I love mind maps. …
security testing
Product showcase: Pentest Robots
Security testing automation is not about building tech to replace humans. We don’t adhere to that limiting view because it fails to capture the complexity and depth of …
Addressing the lack of knowledge around pen testing
The vast majority of attackers are opportunist criminals looking for easy targets to maximize their profits. If defenses are sufficiently fortified, finding a way through will …
Application security: Getting it right, from the start
Security testing data is “the unsung hero” of securing application development. It’s the backbone of application development quality, compliance and risk management, and rests …
SecOps teams face challenges in understanding how security tools work
Security professionals are overconfident in their tools with 50% reporting that they have experienced a security breach because one or more of their security products was not …
The rise of continuous crowdsourced security testing for compliance
A large percentage of organizations and institutions are moving toward a rigorous, continuous testing model to ensure compliance, a Synack report reveals. As part of this …
CrackQ: Efficient password cracking for pentesters and red teamers
CrackQ employs automation to make password cracking a faster and more efficient undertaking for pentesters and red teamers. CrackQ dashboard “Regular security testing is …
Most IT pros find red team exercises more effective than blue team testing
More than one-third of security professionals’ defensive blue teams fail to catch offensive red teams, a study from Exabeam reveals. The survey, conducted at Black Hat USA …
Organizations that scan applications in production have a reduced risk of being breached
Despite a significantly increased focus on application security testing, remediation rates for vulnerabilities continue to shrink, according to WhiteHat Security. Setu …
Microsoft’s Attack Surface Analyzer now works on Macs and Linux, too
Microsoft has rewritten and open-sourced Attack Surface Analyzer (ASA), a security tool that points out potentially risky system changes introduced by the installation of new …
Should you trust that Chrome extension? Use CRXcavator to decide
Duo Security has released CRXcavator, a tool that can help end users and enterprises make an informed decision about installing a specific Chrome extension. About CRXcavator …
Making informed decisions: The importance of data driven security
When deciding what product to buy, the information the vendor offers about the product is helpful, but not nearly enough: you need to analyze individual product results and …
